From owner-freebsd-security Thu Feb 1 6:45:39 2001 Delivered-To: freebsd-security@freebsd.org Received: from iaces.com (horton.iaces.com [204.147.87.98]) by hub.freebsd.org (Postfix) with ESMTP id 8536937B491 for ; Thu, 1 Feb 2001 06:45:20 -0800 (PST) Received: (from proot@localhost) by iaces.com (8.11.1/8.11.1) id f11EjHL11174 for security@freebsd.org; Thu, 1 Feb 2001 08:45:17 -0600 (CST) (envelope-from proot) Date: Thu, 1 Feb 2001 08:45:17 -0600 From: "Paul T. Root" To: security@freebsd.org Subject: Re: sendmail vs. postfix question Message-ID: <20010201084517.A11129@horton.iaces.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i X-Organization: Qwest - ACES X-Phone: (612) 664-3385 X-Fax: (612) 664-4779 X-Page: (877) 693-7155 X-Address: Minneapolis, MN 55413 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I took the advanced Sendmail course from Allman back that the '99 LISA. At that time he said there had been no security holes found in sendmail in a few years (I don't remember the actual number), and in those 2 years, I don't remember any. I also run Sendmail Switch (the for sale version) on my main domain, and it installs running without root. > > Date: Thu, 1 Feb 2001 01:15:22 -0500 > From: "Richard Ward" > Subject: Re: sendmail vs. postfix question > > That's very true. One of the features that stand out in the "Sendmail = > verses Postfix" war is that Postfix doesn't "need" root. With some = > modification, neither does Sendmail. Though many won't take the time to = > do this, it's one of the reasons Sendmail is deemed one of the most = > insecure "common" daemons. I prefer Sendmail over Postfix simply because = > I was brought up on to the Internet running Sendmail, it feels more like = > home. I do however have Postfix running on my local machine, and with = > keeping up-to-date on mailing lists such as this, none are a huge threat = > to my network. > > I would have to agree, doing anything in Sendmail takes some reading, = > though for the basic e-mail setup, there's little need to bring out = > O'Reilly. Both Sendmail and Postfix have a home on my network, I suppose = > it's just how much time you want to put in to it that depicts which MTA = > you will be running on your next computer. > > Just my two cents. > - -- > Richard Ward, CEO > richard@neonsky.net > Neonsky Internet Services > 877 249 6707 - US/Canada > > > - ----- Original Message -----=20 > From: Christopher Farley > To: Fenix > Cc: ; > Sent: Thursday, February 01, 2001 12:56 AM > Subject: Re: sendmail vs. postfix question > > > > Fenix (fenix@xs4some.net) wrote: > >=20 > > > I have a little question about sendmail vs. postfix .... > > > Are there any known recent problms with sendmail security ? > > > what about postfix ? > >=20 > > Sendmail is a large, monolithic, complicated program that runs as > > root. Historically, it has been responsible for some of the most > > notorious and widespread security holes on the Internet, but I > > don't believe there are any (known) gaping holes in it today. > > Sendmail configuration is complicated and arcane -- it is the > > subject of one of the thickest books in the O'Reilly catalog. > > Actually, configuring sendmail is not that bad once you understand > > it -- you edit a human-readable config file which is processed by > > the m4 macro processor to build the much less human-readable > > sendmail.cf file. However, if you are like I am, and infrequently > > make configuration changes to your mail server, it may take more than = > a > > few minutes of grepping documentation to make even a tiny change. > >=20 > > Postfix has a different architecture, but strictly conforms to the > > 'sendmail api'. That is to say that Postfix is more or less designed > > to be a drop-in replacement for Sendmail. Postfix is actually > > several small, specialized daemons that do not run as root (!), > > which has some positive security implications. Configuration of > > Postfix is very easy; there is no m4 macro processing here! I have > > always been able to make it do what I need it to do, although my > > needs aren't very great. According to my ISP (visi.com), Postfix > > outperforms Sendmail.=20 > >=20 > > --=20 > > Christopher Farley > > www.northernbrewer.com > >=20 > >=20 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > -- Shaquille O'Neal, on his lack of championships: "I've won at every level, except college and pro." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message